Security-informed safety: integrating security within the safety demonstration of a smart device

Bloomfield, R. E., Guerra, A. S. L., Butler, E. & Netkachova, K. (2017). Security-informed safety: integrating security within the safety demonstration of a smart device. Paper presented at the 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, 11-15 Jun 2017, San Francisco, USA.

Text - Accepted Version (638kB)

Abstract

Safety and security engineering have, over the years, developed their own regulations, standards, cultures, and practices. However, there’s a growing realisation that security is closely connected to safety. Safety must be security-informed: if a safety-critical system isn’t secure, it isn’t safe. A safety demonstration is incomplete and unconvincing unless it considers security. In our work for government and industry, we have used the Claims, Arguments, Evidence (CAE) framework to analyse the impact of security on a safety justification or safety case and identified the significant changes needed to address security explicitly. This will impact the design and implementation process as well as the assurance and V&V approach.

In this paper we discuss the impact of integrating security when developing a safety demonstration of a smart device. A smart device is an instrument, device or component that contains a microprocessor (and therefore contains both hardware and software) and is programmed to provide specialised capabilities, often measuring or controlling a process variable. Examples of smart devices include radiation monitors, relays, turbine governors, uninterruptible power supplies, and heating, ventilation and air conditioning (HVAC) controllers.
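As an added illustration (not code from the paper, and not the authors' CAE tooling), the following Python models a small Claims, Arguments, Evidence structure for a smart device and checks two things a reviewer of a security-informed safety case would ask: whether every claim is carried down to evidence, and whether the case contains security claims at all. The case contents, the `security` tag and the completeness rule (a claim holds only if at least one argument beneath it bottoms out in evidence) are assumptions made for this example.

```python
"""Toy CAE (Claims, Arguments, Evidence) completeness checker.

Constructed example: the case contents, the "security" tag and the
completeness rule below are assumptions for illustration, not the
paper's method or any vendor's CAE tool.
"""
from dataclasses import dataclass, field
from typing import Iterator, List


@dataclass
class Node:
    kind: str                       # "claim" | "argument" | "evidence"
    text: str
    tags: frozenset = frozenset()   # e.g. {"security"} on security-related claims
    children: List["Node"] = field(default_factory=list)


def claim(text: str, *children: Node, tags=()) -> Node:
    return Node("claim", text, frozenset(tags), list(children))


def argument(text: str, *children: Node) -> Node:
    return Node("argument", text, frozenset(), list(children))


def evidence(text: str) -> Node:
    return Node("evidence", text)


def walk(node: Node) -> Iterator[Node]:
    yield node
    for c in node.children:
        yield from walk(c)


def _supported(node: Node) -> bool:
    """Assumed rule: evidence always holds; an argument holds if all its
    children hold; a claim holds if it has at least one argument and every
    argument under it holds."""
    if node.kind == "evidence":
        return True
    if node.kind == "argument":
        return bool(node.children) and all(_supported(c) for c in node.children)
    args = [c for c in node.children if c.kind == "argument"]
    return bool(args) and all(_supported(a) for a in args)


def unsupported_claims(root: Node) -> List[str]:
    """Pre-order list of claims that do not bottom out in evidence."""
    return [n.text for n in walk(root) if n.kind == "claim" and not _supported(n)]


def security_informed(root: Node) -> bool:
    """True only if the case contains security-tagged claims and all of them hold."""
    sec = [n for n in walk(root) if n.kind == "claim" and "security" in n.tags]
    return bool(sec) and all(_supported(n) for n in sec)


def safety_only_case() -> Node:
    # Constructed: a conventional smart-device case with no security claims.
    return claim("Smart device is acceptably safe in its intended role",
        argument("Decomposition over hazards",
            claim("Device output stays within safe limits under single faults",
                  argument("Fault-injection testing", evidence("FI test report T-01"))),
            claim("Firmware meets its functional specification",
                  argument("Independent V&V", evidence("V&V report")))))


def security_informed_case() -> Node:
    # Constructed: the same case with an explicit security sub-claim added.
    case = safety_only_case()
    case.children[0].children.append(
        claim("Device behaviour cannot be subverted via its interfaces",
              argument("Attack-surface analysis and testing",
                       claim("Firmware update accepts only authentically signed images",
                             argument("Design review and negative testing",
                                      evidence("Update mechanism test log")),
                             tags={"security"}),
                       claim("Maintenance port cannot alter setpoints in operation",
                             argument("Configuration review", evidence("Port config audit")),
                             tags={"security"})),
              tags={"security"}))
    return case


def incomplete_security_case() -> Node:
    # Constructed: security claim present, but its evidence was never produced.
    case = security_informed_case()
    subverted = case.children[0].children[2]
    signed_update = subverted.children[0].children[0]
    signed_update.children[0].children.clear()   # argument left without evidence
    return case


if __name__ == "__main__":
    for name, case in [("safety-only", safety_only_case()),
                       ("security-informed", security_informed_case()),
                       ("incomplete", incomplete_security_case())]:
        print(name, "security_informed:", security_informed(case),
              "unsupported:", unsupported_claims(case))
```

The point the check makes concrete: the safety-only case passes its own completeness test yet is not security-informed, and a security claim that is stated but not evidenced propagates upwards and leaves the top-level safety claim unsupported.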

Item Type: Conference or Workshop Item (Paper)
Additional Information: Copyright 2017 by the American Nuclear Society, La Grange Park, Illinois.
Uncontrolled Keywords: Smart (embedded) devices, safety assessment, security-informed safety, cyber
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: School of Informatics > Department of Computing
URI: http://openaccess.city.ac.uk/id/eprint/17724
